[SunHELP] strange problem
David Eisner
sunhelp at sunhelp.org
Fri Mar 30 15:14:37 CST 2001
I think your machine has been hacked. I just received word of an exploit that is characterized by the presence of a /dev/pts/01 directory.
I'd boot off a CD and get the md5 checksum of ls and check it against the md5 database on sunsolve.sun.com.
-David
>---- Original Message ---
>From: Angela Pardo <apardo at sfaids.ucsf.edu>
>To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
>Cc:
>Subject: [SunHELP] strange problem
>
>Hi everyone...
>
>one of my development servers (Solaris 7) have started experiencing a very
>strange problem and I was hoping someone here might have had seen it
>before...
>
>pretty much all files with "01" on them (e.g. 01-temp.html or joe01.gif) are
>not visible. that is you login to the machine (local shell, telnet, ssh,
>ftp) and you go to the location where the file is supposed to be but the
>file is just not visible to the user (not even root).
>But!
>
>somehow our webserver (orion [some weird java based web server] ) and CDE
>file manager can see the files and from some shells, although invisible you
>can modify, open and even rename the file to something else, so it becomes
>visible again.
>at first I thought this could be some sort of corruption with the file
>system so we created and moved some files to a different hard disk in the
>same machine, but we had the same results.
>
>I have never seen anything like this before, have any of you?
>
>Angela
>___________________________________________
More information about the SunHELP
mailing list